TECHNICAL FIELD
[0001] The present invention generally relates to security systems and more particularly relates to vehicle security systems.
BACKGROUND OF THE INVENTION
[0002] Existing vehicle security systems are primarily autonomous systems used to detect theft or vandalization of vehicle components or improper vehicle entry. More sophisticated vehicle security systems exist that provide some form of vehicle status information which is relayed back to a monitoring center. The OnStar® system provides the ability for a vehicle operator to electronically communicate via “voice communications” with someone manning a call center. These communications are typically used to verbally provide routing, and other navigational information to the vehicle operator. They are also used by the vehicle operator to communicate vehicle operational problems to the call center so that the appropriate assistance can be dispatched to the vehicle operator.
[0003] In view of the recent homeland security issues, protecting vehicles against theft or vandalism has become secondary, giving way to a primary concern of protecting citizens from vehicles that could possibly be used for mass destruction of life. The present invention is particularly well suited to remotely disable any vehicle, especially a land based or aquatic based vehicle.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] FIG. 1 is a diagrammatic view of the hardware and software building blocks used to implement the preferred embodiment of the disclosed vehicle security system.
[0005] FIG. 2 is a diagrammatic depiction used to discuss the various communication links and methods used by the security system of the present invention to communicate with and to disable the vehicle.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0006] Security Hardware and Software
[0007] Now referring to FIG. 1, the security system 10 of the present invention is preferably mounted within truck PC/entertainment unit 12. Most modern trucks typically employ a PC/entertainment unit 12 mounted in the dash of the truck. The entertainment unit typically includes a radio, CD player, two-way radio, and the like. The security system 10 of the present invention (particularly the security functionality module 13 portion of security system 10), is particularly well suited to be integrated into the truck PC/entertainment unit 12, thereby yielding a unitary package. Although the preferred embodiment of the present invention is to install the security system 10 inside the truck PC/entertainment unit 12, it is to be understood that the security system 10 (including module 13) can function equally well as a stand alone unit sold on new vehicles or as a retrofit unit sold for installation on existing vehicles. Additionally, although it is envisioned that the security system 10 of the present invention will be particularly well suited to be placed on trucks carrying potentially hazardous materials, the present invention is not limited to trucks, but is also well suited to any land based or water based vehicle where security monitoring or remote disablement is desirable. Because the present invention is particularly well suited for the heavy truck and hauling industry, much of the discussion herein is particularly applicable to the trucking industry. However, as stated above, nothing in this disclosure should be deemed to limit this disclosure to the trucking industry.
[0008] The primary preferred inputs to the security functionality module 13 include wireless modem link 14, GPS link 42, voice input link 16, fingerprint ID link 18, keyboard input link 20, and battery operated remote link 22. The primary outputs from the security functionality module 13 include truck PC display device 24, and audio output device 26. Additional input/output paths (I/O) allow security functionality module 13 to interface directly with various hardware components of the vehicle engine, transmission, and fuel delivery system.
[0009] The heart of security functionality module 13 is the security manager processor 30. In its preferred embodiment, security manager processor 30 is implemented by way of a dedicated microprocessor; however, other implementations are possible, such as a hardware implementation. A detailed explanation of the functions carried out by security functionality module 13 is set forth below in conjunction with the various modes of operation capable of implementation by the security system 10 of the present invention.
[0010] Security Modes
[0011] The following describes four preferred security modes the security system 10 of the present invention is capable of implementing. The majority of these modes include disabling the truck in a secure manner thereby preventing unauthorized use of the vehicle. In cases where the truck is transporting dangerous substances, the security system 10 will eliminate, or substantially impede, any attempts to steal or misuse the vehicle.
[0012] Reported Theft Security Method
[0013] In this scenario, the vehicle driver reports the theft of the vehicle 33 to the call center 32 (see FIG. 2). As shown in FIG. 2, this method of communication between the vehicle operator and the call center 32 would, in most instances, take place over a conventional telephone communication line 34. Thereafter, the call center communicates with the appropriate vehicle 33 using the IP address assigned to that particular vehicle's truck PC system and enters the appropriate password using an internet browser Secure Socket Layer (SSL) Session 38. The security functionality module 13 is capable of receiving and sending internet communications by virtue of wireless modem 14, internet connection module 36, web server secured access module 38, and web page provider module 40. Upon receipt of the correct password, the security manager processor 30 serves a web page to call center 32 by way of web page provider module 40. The served web page gives various system options to the call center operators, one of which is the shut down option. If the operators 32 select the shut down option, the security manager processor requests confirmation from the call center by requesting a vehicle shutdown password. Upon receiving a valid password, the security manager processor 30 initiates a shut down sequence allowing time for the driver to move to a safe parking area (see Safety Considerations below).
[0014] Route Tracking Security Mode
[0015] Tracking of the vehicle using periodic GPS (Global Positioning System) transmission by way of a wireless internet connection is possible by virtue of using modules 36 and 38 in conjunction with security manager processor 30 and global position sensor module 42. Specifically, global positioning sensor module 42 receives global positioning signals and translates those into position information which is sent to security manager 30 for processing and communicating to call center 32 by way of modules 36, 38, and wireless modem 14 (as has already been described above). It is contemplated that in the route tracking security mode, a route is pre-programmed into the security manager processor either manually (by way of keyboard 20) or remotely by way of the internet. If the truck 33 deviates from this programmed route by more than a predetermined distance (the predetermined distance is preferably determined by the call center 32), the security manager processor 30 notifies the call center 32. The call center 32 would then prompt the vehicle operator to input a password in order to permit continued operation of the vehicle. If the password is not entered, or entered incorrectly, the call center could initiate vehicle shutdown immediately, or within a programmed period of time (e.g. five minutes).
[0016] Periodic Driver Authentication Security Mode
[0017] Under this methodology, driver authentication is conducted either periodically or every ignition cycle by the driver entering an identification number. A technique of required periodic entry of an ID number guarantees that the driver is authenticated even when remote communications are not possible and the vehicle is not being tracked. For example, it may be that wireless coverage does not exist during a significant portion of the vehicle's route. The periodic entry of the driver ID ensures that the driver is the driver authorized to operate the vehicle. This ID can be either fixed, changed periodically by call center 32, or changed automatically by the security manager processor 30 based on a shared “rolling code” algorithm. The implementation of a “rolling code” algorithm requires the truck driver to have a means for obtaining new ID's based on time (e.g. a secure ID). This ID would be a function of time and the vehicle ID:
ID = function(t, vehicleID)
[0018] where the function is a standard crypto-rolling code to be determined. The ID can be entered either by way of the keyboard 20 or via a voice input 16 which is processed by voice recognition module 44. ID input by way of voice is the preferred mode of data input by the vehicle driver because it promotes greater levels of safety by allowing the vehicle operator to communicate with security system 10 while still keeping his “eyes on the road.” In normal situations, when there is a low level security alert status, the security manager processor 30 may only require driver ID verification every 2-4 hours. This infrequent ID request will have minimal impact on the driver's normal driving routine; however, in times when the nation is put on high alert, call center 32 can require more frequent verification of driver ID (perhaps as frequently as every fifteen minutes or so). This increased level of driver inconvenience is offset by the need of greater diligence during times of “high alert” status. The internet connectivity of security system 10 permits this kind of dynamic behavior.
[0019] It is also contemplated that the driver authentication could be done electronically (e.g. by way of a short range, wireless link or ID card that the driver keeps on his person). Other techniques of driver verification include fingerprint ID recognition 18 and voice signature recognition techniques (voice signature recognition techniques not shown).
[0020] Alarm Security Mode
[0021] In the event of a hijack attempt, the truck driver can press an alarm button on keyboard 20 or manually activate a panic button on a remote key FOB transmitter 22. A remote transmitter 22 could also be used to immediately enable the security features of the truck thereby requiring re-entry of the driver ID before the vehicle could be operated. In the alarm security mode, the personnel of call center 32 would be immediately notified via the internet link 14, 36, 38 that a problem occurred.
[0022] Deactivation Methods
[0023] It is contemplated that in the preferred embodiment of the present invention, the following events would lead to a vehicle deactivation: wireless deactivation (initiated by call center 32), incorrect entry of a periodic password by the truck driver, incorrect entry of a password needed for a route deviation, or manual deactivation by the driver (either by way of battery operated remote 22 or keyboard input 20). After any one of the vehicle deactivation events described above, the security manager processor 30 would initiate a truck shutdown sequence. This sequence would lead to one or more of the following events:
[0024] 1. Deactivation of relays 46, 48, or 50 using discrete I/O lines 28 from vehicle port 52 of security manager processor 30. The relays 46-50 can function in any number of ways to interrupt engine operation, including immediately ceasing or gradually decreasing fuel flow to the engine (relay 46); commanding engine control module interrupt relay 50 to interrupt engine spark; or the use of a “smart relay” 48 which periodically must receive a “keep alive” signal from security manager processor 30 in order to prevent it from interrupting the engine fuel supply (see Tamper Resistance below for detailed information). Although a simple fuel interrupt relay 46 is easy to implement (especially when retrofitting existing vehicles), a “smart relay” 48 system is superior to a simple fuel interrupt relay 46 in that any incapacitation of security manager processor 30 automatically causes fuel interrupt “smart relay” 48 to engage and cease fuel flow to the engine.
[0025] 2. Signals 54 can also be used to incapacitate transmission controllers 58 or brake controllers 60, resulting in disabling the vehicle (preventing the transmission from being moved from neutral) or applying the brakes, etc. Signals sent along communication path 28 can be dedicated I/O lines for each module 46, 38, 50. Signals sent along line 54 for each module 56, 58, 60 are preferably serial communication along serial communication bus 54 to communicate with engine control module 56, transmission control module 58, or brake control module 60 to immobilize the vehicle. This could be done on an OEM type installation where the ECM transmission control module types are known before installation.
[0026] Safety Considerations
[0027] There are two main safety scenarios to be considered when designing a forced vehicle shutdown protocol. The first is when the vehicle is transporting hazardous/dangerous cargo and the second is when the vehicle cargo is not dangerous and can be shut down without call center 30 interaction. In the second case, it is important to give the vehicle operator proper and ample notification of vehicle shutdown in order to allow enough time for the driver to pull over into a safe area to park the vehicle. The security manager processor 30 will provide an audible message by way of audio output device 26 to the vehicle operator. This message indicates a security alert and that the vehicle is going to shut down in forty-five seconds (or the like). The audio system allows for alert messages of high priority to override power, volume, or other audio sources that might be competing for the use of audio output device 26. Thus it will be ensured that the driver receives the highest priority alert message. Once a shutdown command is received from call center 32 (or from security manager processor 30), an audio message will continue to countdown from the maximum alert time (which is programmable) to a five to ten second warning to a final vehicle shutdown. Once the countdown begins, nothing can be done to prevent vehicle shutdown. The sequence of audible shutdown messages would originate from the security manager processor 30 to prevent unauthorized users from preventing the vehicle shutdown by disabling the wireless communication system (e.g. removal of an antenna or other receiving device). In the first case, when there is hazardous/dangerous cargo at issue, it may be desirable to disable a vehicle only when local authorities indicate to the call center 30 that it is safe to do so.
[0028] Tamper Resistance
[0029] To prevent the security system from being susceptible to tampering, “smart relays” 48 can be used that require periodic (every fifteen to thirty seconds) commands from security manager processor 30 via vehicle I/O 52. These data commands would be messages that can either be fixed or a rolling code that changes periodically. “Smart relay” 48 would compare the received code to the expected code and if matched, would continue normal operation. If the security manager processor 30 were removed, destroyed, or otherwise interrupted (such as caused by cutting the wiring), the “smart relay” 48 would activate automatically thereby shutting down the vehicle. In an OEM type installation, the engine control module 56, or transmission control module 58, or brake control module 60 can be modified to expect a periodic message from the security manager processor 30 that indicates that the security manager processor 30 is still connected. Like the message received by the “smart relay” 48, the message received by the engine control module 56, the transmission control module 58, or brake control module 60 can be either a fixed data message or a rolling code message that changes periodically.
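The rolling code ID = function(t, vehicleID) and the "smart relay" keep-alive check described above, as an added example that is not part of the original disclosure. The text leaves the rolling-code function "to be determined", so this sketch assumes a truncated HMAC-SHA256 over the time step and vehicle ID with a pre-shared key; the SmartRelay class, the 15-second step, the 30-second timeout and the latched engage are assumptions of the example.

```python
import hashlib
import hmac
import struct

STEP_S = 15      # code lifetime; the text gives 15-30 s between relay commands
TIMEOUT_S = 30   # assumed: relay trips after this long without a valid code

def rolling_code(key: bytes, vehicle_id: str, t: float) -> str:
    """ID = function(t, vehicleID), instantiated as truncated HMAC-SHA256."""
    msg = struct.pack(">Q", int(t // STEP_S)) + vehicle_id.encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"

class SmartRelay:
    """Fail-safe relay: fuel flows only while fresh, valid codes keep arriving."""

    def __init__(self, key: bytes, vehicle_id: str, now: float):
        self.key, self.vehicle_id = key, vehicle_id
        self.last_valid = now
        self.last_step = -1     # newest time step already accepted
        self.engaged = False    # True means fuel is interrupted

    def receive(self, code: str, now: float) -> bool:
        step = int(now // STEP_S)
        # Accept the current or previous step to tolerate small clock drift,
        # but never a step at or before one already used (replay guard).
        for s in (step, step - 1):
            if s <= self.last_step:
                continue
            expected = rolling_code(self.key, self.vehicle_id, s * STEP_S)
            # Constant-time comparison of the received and expected codes.
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step, self.last_valid = s, now
                return True
        return False

    def tick(self, now: float) -> bool:
        # Silence, a cut wire and a stream of wrong codes all look the same
        # here: no valid code inside the window, so the relay engages.
        # Assumption: once engaged it stays engaged until serviced.
        if now - self.last_valid > TIMEOUT_S:
            self.engaged = True
        return self.engaged
```

A fixed keep-alive message, which the text also allows, would pass the relay's comparison when recorded and replayed from the wiring; the time-step binding and replay guard are what make the rolling variant reject it.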
[0030] The foregoing detailed description shows that the preferred embodiments of the present invention are well suited to fulfill the object of the invention. It is recognized, however, that those skilled in the art may make various modifications or additions to the preferred embodiments chosen here to illustrate the present invention, without departing from the spirit of the present invention. Accordingly, it is to be understood that the coverage sought to be afforded hereby should be deemed to extend to the subject matter defined in the appended claims, including all fair equivalents thereof.